From: Daniel Kahn Gillmor
Subject: [Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?
Date: Fri, 15 May 2009 10:09:04 -0400
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)

hey SKS people--

Thinking about the way that the RFC is set up, it occurred to me that
any given asymmetric key could be placed in either subkey or primary key
position, and it would retain the same fingerprint.

So after a bit of playing around with data, i've managed to generate the
following weird pair of constructs:
> 0 address@hidden:~$ gpg --list-key --fingerprint --fingerprint
> /home/wt215/.gnupg/pubring.gpg
> ------------------------------
> pub 1024D/306863C2 2009-05-15
> Key fingerprint = 486D 9E84 8F90 E4D7 80C7 461C CD5D 655D 3068 63C2
> uid Fakey McFake-Fake (DO NOT USE: A)
> sub 2048R/80FD2FAF 2009-05-15
> Key fingerprint = 8E91 098C B184 1235 C52D 5D1B D6AB 52F2 80FD 2FAF
>
> pub 2048R/80FD2FAF 2009-05-15
> Key fingerprint = 8E91 098C B184 1235 C52D 5D1B D6AB 52F2 80FD 2FAF
> uid Fakey McFake-Fake (DO NOT USE: B)
>
> 0 address@hidden:~$
In particular, the subkey of A is the same 2048-bit RSA key as the
primary key of B. Note that the user IDs (and indeed, any of the
material that is expected to be found in the self-sig, like preferences,
usage flags, etc) are different between keys, even though the
fingerprints (and the key material itself) are identical.

This is some weirdness, to be sure. And if it causes trouble for the
keyservers somehow that would be a Bad Thing. I've avoided injecting
either key into the SKS network for this reason.

But i wanted to give a heads-up that this is possible. It would even be
possible for 306863C2 to be a subkey of 80FD2FAF, with a bit more
manipulation. Would SKS handle such a scenario well? I only have a
weak understanding of the set reconciliation protocols described at
http://minskyprimus.net/sks/, and i haven't been able to find any
documentation about how SKS views the keyring as a set of length-b
bitstrings.

Has anyone tested this? Do you foresee any problems should such a pair
of keys be injected into the SKS pool?

--dkg
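
The property described in this message, as an added example (not part of the original post, and not SKS or GnuPG code): an RFC 4880 version 4 fingerprint is SHA-1 over a fixed 0x99 octet, a two-octet length and the key body, so the packet tag that marks a key as primary or subkey never enters the hash. The RSA numbers and creation time are constructed toy values, and all helper names are illustrative.

```python
import hashlib
import struct

PRIMARY_TAG, SUBKEY_TAG = 6, 14  # RFC 4880 Public-Key / Public-Subkey packet tags

def mpi(n: int) -> bytes:
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 RSA public key body: version, creation time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def packet(tag: int, body: bytes) -> bytes:
    """Wrap a body in an old-format header with a two-octet length."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body

def parse(pkt: bytes):
    """Return (tag, body); only old-format, two-octet-length packets are handled."""
    hdr = pkt[0]
    if hdr & 0xC0 != 0x80 or hdr & 0x03 != 1:
        raise ValueError("unsupported packet header")
    (length,) = struct.unpack(">H", pkt[1:3])
    body = pkt[3:3 + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return (hdr >> 2) & 0x0F, body

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, length, body. The packet tag is not part of the input."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def roles_by_fingerprint(packets):
    """Map each key fingerprint to the set of roles it was seen in."""
    roles = {}
    for pkt in packets:
        tag, body = parse(pkt)
        if tag in (PRIMARY_TAG, SUBKEY_TAG):
            role = "primary" if tag == PRIMARY_TAG else "subkey"
            roles.setdefault(v4_fingerprint(body), set()).add(role)
    return roles

# Constructed sample input: a toy 128-bit modulus, not a usable key.
BODY = key_body(1242345600, (1 << 127) | 0x1D, 65537)
AS_PRIMARY = packet(PRIMARY_TAG, BODY)   # header octet 0x99
AS_SUBKEY = packet(SUBKEY_TAG, BODY)     # header octet 0xB9
ROLES = roles_by_fingerprint([AS_PRIMARY, AS_SUBKEY])
DUAL_ROLE = sorted(fp for fp, seen in ROLES.items() if len(seen) > 1)
```

Any index keyed on fingerprint alone sees one entry for both packets here, so code consuming such an index has to carry the role separately if it needs to tell them apart.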